It's amazing to me - the inherent dysfunction that must be within the DO organisation for this to still not be implemented. At this point, after years of waiting, I'm not even mad anymore. Kinda just in awe.

Have the exact same use case as Mark Wylde (LetsEncrypt DNS challenge) and was surprised that I couldn't limit the API key scope to domains.dns read/write only. I'd be fine to edit this in a YAML file or something versus a fancy webinterface, but sticking this key on a box somewhere allowing access to dozens of droplets feels unsafe.

The lack of this feature makes the API unusable.

This is the only (blatantly) missing feature which makes me think again and again if we should leave this platform.

It does not make sense to offer features for medium-sized companies such as Kubernetes clusters while opening the doors wide for abuse with a single unrestricted token which has to be used in different places.

Adding new features and resources to the control panel & API all the time makes the attack surface grow even more. I am waiting for the first company's infrastructure to get hit really hard because of this dangerous limitation.

I get that DigitalOcean's initial target audience were single developers or small companies, but now I think that's no longer necessarily the case. You should really think about changing this, if you do not want to lose SMEs to the big cloud competitors.

(Btw, I built a proxy as workaround. It is far from complete though: https://github.com/djmaze/do-api-proxy)

(Forgot to add: It should also be possible to limit spaces access keys to individual spaces, but that's a different feature I admit.)

Similar use case, I'm running on DOKS cluster, and it could totally spin up a bunch of droplets if it wanted to. Being able to scope to DO API endpoints+verbs would get us a huge step closer to least privilege access

+1

That and also maybe adding an IP/resource restriction for where the token can be used from.

Excellent idea +1 from me